'nother n00bie Q: Verifying the DSA signature?
Nathan D. Bowen
nbowen+yadis at andtonic.com
Fri May 20 17:22:47 PDT 2005
Brad Fitzpatrick wrote:
>The DSA algorithm only ever signs up to 20 bytes.
>
>We do:
>
> BASE64(DSA(SHA1("2005-05-20T18:30:09Z::assert_identity::blahblah")))
>
>
>
Ah-ha. I inferred a little too much from the fact that the Java code
worked with "DSA" as the algorithm name -- it would've been more
appropriate for me to specify it as "SHA1withDSA". (As is now obvious,
Java uses "DSA", as an alias for "SHA1withDSA").
However, for a little practical advice -- I did find a solution of sorts
to the original problem, which was "how can I check one of these
signatures 'by hand'". The rest of the OpenID specification is simple
enough to test by hand, but the real juicy part is verifying the
signatures, and it's nice to have a way to test that part with existing
tools.
Every openssl binary I could find had the "dss1" digest command missing
from its usage output. But, it turns out that "dss1" was valid on all of
them. For that matter, "dsaWithSHA1" worked on all of them, too.
So, openssl can be coaxed into verifying an openID signature, as long as
you're careful about creating the input files. In particular, the
signature has to be a binary file -- not base64 encoded -- and the input
has to be provided without a newline.
Assuming that LiveJournal's public key is in a file called
'ljpubkey.txt', I had success with the following:
echo 'MCwCaEtcEtcetc==' | openssl base64 -d > sigfile.raw
echo -n '2005-05-20T18:30:09Z::assert_identity::blahblah' | openssl dgst
-dss1 -verify ljpubkey.txt -signature sigfile.raw
Hopefully that can save someone a bit of time.
More information about the yadis
mailing list